diff options
-rw-r--r-- | source3/include/proto.h | 3 | ||||
-rw-r--r-- | source3/libads/kerberos_keytab.c | 10 | ||||
-rw-r--r-- | source3/libads/ldap.c | 36 |
3 files changed, 36 insertions, 13 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index b8d48bebd8..de40ff6912 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -2081,7 +2081,8 @@ char *ads_ou_string(ADS_STRUCT *ads, const char *org_unit); char *ads_default_ou_string(ADS_STRUCT *ads, const char *wknguid); ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods, const char *name, const char **vals); -uint32 ads_get_kvno(ADS_STRUCT *ads, const char *machine_name); +uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name); +uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name); ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name); ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name, const char *my_fqdn, const char *spn); diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c index d0161ada01..8e6983897f 100644 --- a/source3/libads/kerberos_keytab.c +++ b/source3/libads/kerberos_keytab.c @@ -312,9 +312,9 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc) } } - kvno = (krb5_kvno) ads_get_kvno(ads, global_myname()); + kvno = (krb5_kvno) ads_get_machine_kvno(ads, global_myname()); if (kvno == -1) { /* -1 indicates failure, everything else is OK */ - DEBUG(1,("ads_keytab_add_entry: ads_get_kvno failed to determine the system's kvno.\n")); + DEBUG(1,("ads_keytab_add_entry: ads_get_machine_kvno failed to determine the system's kvno.\n")); ret = -1; goto out; } @@ -380,7 +380,7 @@ int ads_keytab_flush(ADS_STRUCT *ads) goto out; } - kvno = (krb5_kvno) ads_get_kvno(ads, global_myname()); + kvno = (krb5_kvno) ads_get_machine_kvno(ads, global_myname()); if (kvno == -1) { /* -1 indicates a failure */ DEBUG(1,("ads_keytab_flush: Error determining the system's kvno.\n")); goto out; @@ -527,9 +527,9 @@ int ads_keytab_create_default(ADS_STRUCT *ads) /* Now loop through the keytab and update any other existing entries... */ - kvno = (krb5_kvno) ads_get_kvno(ads, machine_name); + kvno = (krb5_kvno) ads_get_machine_kvno(ads, machine_name); if (kvno == -1) { - DEBUG(1,("ads_keytab_create_default: ads_get_kvno failed to determine the system's kvno.\n")); + DEBUG(1,("ads_keytab_create_default: ads_get_machine_kvno failed to determine the system's kvno.\n")); return -1; } diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 01c4b442c8..7b9e51068b 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -1516,13 +1516,13 @@ ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods, } /** - * Determines the computer account's current KVNO via an LDAP lookup + * Determines the an account's current KVNO via an LDAP lookup * @param ads An initialized ADS_STRUCT - * @param machine_name the NetBIOS name of the computer, which is used to identify the computer account. - * @return the kvno for the computer account, or -1 in case of a failure. + * @param account_name the NT samaccountname. + * @return the kvno for the account, or -1 in case of a failure. **/ -uint32 ads_get_kvno(ADS_STRUCT *ads, const char *machine_name) +uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name) { LDAPMessage *res = NULL; uint32 kvno = (uint32)-1; /* -1 indicates a failure */ @@ -1531,14 +1531,14 @@ uint32 ads_get_kvno(ADS_STRUCT *ads, const char *machine_name) char *dn_string = NULL; ADS_STATUS ret = ADS_ERROR(LDAP_SUCCESS); - DEBUG(5,("ads_get_kvno: Searching for host %s\n", machine_name)); - if (asprintf(&filter, "(samAccountName=%s$)", machine_name) == -1) { + DEBUG(5,("ads_get_kvno: Searching for account %s\n", account_name)); + if (asprintf(&filter, "(samAccountName=%s)", account_name) == -1) { return kvno; } ret = ads_search(ads, &res, filter, attrs); SAFE_FREE(filter); if (!ADS_ERR_OK(ret) || (ads_count_replies(ads, res) != 1)) { - DEBUG(1,("ads_get_kvno: Computer Account For %s not found.\n", machine_name)); + DEBUG(1,("ads_get_kvno: Account for %s not found.\n", account_name)); ads_msgfree(ads, res); return kvno; } @@ -1574,6 +1574,28 @@ uint32 ads_get_kvno(ADS_STRUCT *ads, const char *machine_name) } /** + * Determines the computer account's current KVNO via an LDAP lookup + * @param ads An initialized ADS_STRUCT + * @param machine_name the NetBIOS name of the computer, which is used to identify the computer account. + * @return the kvno for the computer account, or -1 in case of a failure. + **/ + +uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name) +{ + char *computer_account = NULL; + uint32_t kvno = -1; + + if (asprintf(&computer_account, "%s$", machine_name) < 0) { + return kvno; + } + + kvno = ads_get_kvno(ads, computer_account); + free(computer_account); + + return kvno; +} + +/** * This clears out all registered spn's for a given hostname * @param ads An initilaized ADS_STRUCT * @param machine_name the NetBIOS name of the computer. |